security/sha1collisiondetection: a tool to detect SHA-1 collisions

https://github.com/cr-marcstevens/sha1collisiondetection

PR:		217733
Submitted by:	jharris@widomaker.com (maintainer)
Reviewed by:	mat
Approved by:	swills (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D9998

4 files changed, 56 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 7aa26edf625e..0e0e4c2b49bc 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1083,6 +1083,7 @@
     SUBDIR += secure_delete
     SUBDIR += sguil
     SUBDIR += sha
+    SUBDIR += sha1collisiondetection
     SUBDIR += shibboleth2-sp
     SUBDIR += shimmer
     SUBDIR += shishi
diff --git a/security/sha1collisiondetection/Makefile b/security/sha1collisiondetection/Makefile
new file mode 100644
index 000000000000..d0a2a8f5ff2a
--- /dev/null
+++ b/security/sha1collisiondetection/Makefile
@@ -0,0 +1,36 @@
+# $FreeBSD$
+
+PORTNAME=	sha1collisiondetection
+PORTVERSION=	1.0.2
+DISTVERSIONPREFIX=	stable-v
+CATEGORIES=	security
+
+MAINTAINER=	jharris@widomaker.com
+COMMENT=	Library and command line tool to detect SHA-1 collisions
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	cr-marcstevens
+
+USE_LDCONFIG=	yes
+ALL_TARGET=	library tools
+
+USES=		gmake libtool:build
+
+PLIST_FILES=	bin/sha1dcsum \
+		bin/sha1dcsum_partialcoll \
+		include/sha1dc/sha1.h \
+		lib/libsha1detectcoll.so \
+		lib/libsha1detectcoll.so.0 \
+		lib/libsha1detectcoll.so.0.0.0
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/bin/.libs/sha1dcsum* ${STAGEDIR}${PREFIX}/bin
+	@${MKDIR} ${STAGEDIR}${PREFIX}/include/sha1dc
+	${INSTALL_DATA} ${WRKSRC}/lib/sha1.h ${STAGEDIR}${PREFIX}/include/sha1dc
+	${INSTALL_LIB} ${WRKSRC}/bin/.libs/libsha1detectcoll.so.0.0.0 ${STAGEDIR}${PREFIX}/lib
+	${LN} -sf ./libsha1detectcoll.so.0.0.0 ${STAGEDIR}${PREFIX}/lib/libsha1detectcoll.so
+	${LN} -sf ./libsha1detectcoll.so.0.0.0 ${STAGEDIR}${PREFIX}/lib/libsha1detectcoll.so.0
+
+.include <bsd.port.mk>
diff --git a/security/sha1collisiondetection/distinfo b/security/sha1collisiondetection/distinfo
new file mode 100644
index 000000000000..dd8c444e48b7
--- /dev/null
+++ b/security/sha1collisiondetection/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1489459273
+SHA256 (cr-marcstevens-sha1collisiondetection-stable-v1.0.2_GH0.tar.gz) = ab1a5624d12417b5af9ffe6662546b6932c39c0e4c4bef822851a2d0e53df790
+SIZE (cr-marcstevens-sha1collisiondetection-stable-v1.0.2_GH0.tar.gz) = 778302
diff --git a/security/sha1collisiondetection/pkg-descr b/security/sha1collisiondetection/pkg-descr
new file mode 100644
index 000000000000..e71395012ba3
--- /dev/null
+++ b/security/sha1collisiondetection/pkg-descr
@@ -0,0 +1,16 @@
+This library and command line tool were designed as near drop-in
+replacements for common SHA-1 libraries and sha1sum. They will compute
+the SHA-1 hash of any given file and additionally will detect
+cryptanalytic collision attacks against SHA-1 present in each file.
+It is very fast and takes less than twice the amount of time as
+regular SHA-1.
+
+There are two programs:  sha1dcsum and sha1dcsum_partialcoll.
+The first program, sha1dcsum, will detect and warn for files that were
+generated with a cryptanalytic SHA-1 collision attack like the one
+documented at https://shattered.io/. The second program,
+sha1dcsum_partialcoll, will detect and warn for files that were
+generated with a cryptanalytic collision attack against reduced-
+round SHA-1 (of which there are a few examples so far).
+
+WWW: https://github.com/cr-marcstevens/sha1collisiondetection